Add Assume Role Option For ECR Pushes

Joe Walton 2019-04-24 13:31:46 +01:00
parent ebce953fc4
commit b5b34938c5
No known key found for this signature in database
GPG Key ID: 96949BF093284C43


@ -12,6 +12,7 @@ import (
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ecr" "github.com/aws/aws-sdk-go/service/ecr"
) )
@ -27,6 +28,7 @@ func main() {
create = parseBoolOrDefault(false, getenv("PLUGIN_CREATE_REPOSITORY", "ECR_CREATE_REPOSITORY")) create = parseBoolOrDefault(false, getenv("PLUGIN_CREATE_REPOSITORY", "ECR_CREATE_REPOSITORY"))
lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY") lifecyclePolicy = getenv("PLUGIN_LIFECYCLE_POLICY")
repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY") repositoryPolicy = getenv("PLUGIN_REPOSITORY_POLICY")
assumeRole = getenv("PLUGIN_ASSUME_ROLE")
) )
// set the region // set the region
@ -47,7 +49,7 @@ func main() {
log.Fatal(fmt.Sprintf("error creating aws session: %v", err)) log.Fatal(fmt.Sprintf("error creating aws session: %v", err))
} }
svc := ecr.New(sess) svc := getECRClient(sess, assumeRole)
username, password, registry, err := getAuthInfo(svc) username, password, registry, err := getAuthInfo(svc)
if err != nil { if err != nil {
log.Fatal(fmt.Sprintf("error getting ECR auth: %v", err)) log.Fatal(fmt.Sprintf("error getting ECR auth: %v", err))
@ -178,3 +180,11 @@ func getenv(key ...string) (s string) {
} }
return return
} }
func getECRClient(sess *session.Session, role string) *ecr.ECR {
if role == "" {
return ecr.New(sess)
}
creds := stscreds.NewCredentials(sess, role)
return ecr.New(sess, &aws.Config{Credentials: creds})
}
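Review bot: In getECRClient, `stscreds.NewCredentials(sess, role)` assumes whatever ARN arrives in PLUGIN_ASSUME_ROLE, with the SDK's default session name and no external ID. The only control on which role a pipeline can take is therefore the trust policy on the role itself, and CloudTrail entries for the assumed session are hard to tie back to a build. Setting the session name explicitly would fix the attribution, e.g. `creds := stscreds.NewCredentials(sess, role, func(p *stscreds.AssumeRoleProvider) { p.RoleSessionName = sessionName })`, where `sessionName` is a placeholder for a value derived from the build. The credentials are resolved lazily, so a mistyped ARN or a denied AssumeRole will presumably surface at the first ECR call as "error getting ECR auth" rather than as an assume-role failure. A doc comment such as `// getECRClient returns an ECR client for sess, using STS AssumeRole credentials when role is non-empty.` would be a good place to record that.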